Sentry Firewall is a free open-source network firewall Linux distribution that was first published in 2001 and has been the subject of multiple magazine reviews.[1][2] The distribution is particularly notable because it consists solely of a bootable CD-ROM that is designed to be used in a computer with no hard disk. Configuration information is retrieved at boot time by automatically searching on an attached floppy disk drive, USB flash memory drive, or another server on the local network willing to provide the configuration.
Contents |
Sentry Firewall starts from CD-ROM and immediately constructs a RAM disk in the computer's memory. Before the system fully boots, a script searches for removable media containing a file called "sentry.conf". If that file is found, it may contain detailed instructions and a list of files to be copied from the removable media to the RAM disk before the system is finally allowed to boot.
The CD-ROM is pre-loaded with a variety of configurable network tools, including iptables.
Because the RAM disk is created each time the machine boots, it is possible to recover from any sort of problem simply by rebooting the machine. From a security perspective, this is compelling because the machine essentially becomes immune to viruses or file corruption - or at least the effects of either problem can't survive a reboot.
While basic Linux familiarity is necessary to configure a basic set of files necessary to use the firewall, there exists Windows programs capable of creating the bulk of the configuration scripts based on interaction with a graphical user interface. Firewall Builder is one such example; this program also works with other firewall products unrelated to Sentry Firewall.
According to the project's maintainer, Sentry Firewall has not been updated since its January 2005 release[3]. However, despite its age, the most recent release is very suitable for a basic firewall system, and remains customizable by its nature.
|